Azure Service Bus - Topic & Subscription permissioning
I need to expose some messaging (notification) functionality from our system to a 3rd party.
I'm currently prototyping a solution with Azure Service Bus, however I've run into a small snag with permissioning.
                    --> SUB1 --> Provider 1
                   /
MyApp --> TOPIC --<
                   \
                    --> SUB2 --> Provider 2
I want to drop a small JSON message into a Topic. The message will have a "ProviderId" property attached to it, and based on a filtering rule, that message will be filtered out onto a Provider specific Subscription.
However I don't seem to be able to specify a shared access policy on the Subscription, to restrict the 3rd party provider to only connecting to their own Subscription.
Am I correct in assuming that I should set up auto-forwarding on the subscription to send those messages on to another Queue, and then apply the provider specific security there?
                    --> SUB1 --> AutoForward --> Q1 --> Provider 1
                   /
MyApp --> TOPIC --<
                   \
                    --> SUB2 --> AutoForward --> Q2 --> Provider 2
Or is there another/better/recommended way to do this?
Your assumption is correct. The shared access policies can only be created against the namespaces and/or message entities, topic in this case. You can check here for more info.
It seems to me that the auto-forwarding is the best way to go, more info here.
But another thing I can think of is to encrypt the message content using a generated Token that is given to the corresponding provider, so it can decrypt that subscription's messages, but even reading the messages in the other subscription it couldn't decrypt them. That means you would need to manage these tokens though.
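The per-queue isolation that the auto-forwarding layout gives, shown as an added example that is not part of the original question or answer: a Service Bus SAS token signs the URL-encoded resource URI plus expiry with the key of a rule defined on that entity, so a Listen rule on Q1 yields nothing usable on Q2. The namespace, queue names, rule names and keys are constructed, and `authorize` is a simplified model of the broker-side check, not Azure code.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs, quote_plus

NS = "https://contoso-ns.servicebus.windows.net"  # constructed namespace
Q1, Q2 = f"{NS}/q1", f"{NS}/q2"                    # auto-forward target queues

# Constructed entity-level policies: one Listen-only rule per provider queue.
POLICIES = {
    Q1: {"provider1-listen": ("constructed-key-1", {"Listen"})},
    Q2: {"provider2-listen": ("constructed-key-2", {"Listen"})},
}

def _sign(key, scope, expiry):
    # Service Bus SAS signs "<url-encoded resource URI>\n<expiry>" with HMAC-SHA256.
    msg = f"{quote_plus(scope)}\n{expiry}".encode()
    return hmac.new(key.encode(), msg, hashlib.sha256).digest()

def make_sas_token(scope, key_name, key, ttl=3600, now=None):
    """Client side: build a SAS token bound to one resource URI."""
    expiry = int((time.time() if now is None else now) + ttl)
    sig = base64.b64encode(_sign(key, scope, expiry)).decode()
    return (f"SharedAccessSignature sr={quote_plus(scope)}"
            f"&sig={quote_plus(sig)}&se={expiry}&skn={key_name}")

def authorize(token, requested, right, now=None):
    """Simplified model of the broker-side check (an assumption, not Azure code)."""
    f = {k: v[0] for k, v in parse_qs(token.split(" ", 1)[1]).items()}
    scope, expiry = f["sr"], int(f["se"])
    if expiry < (time.time() if now is None else now):
        return False                                  # token expired
    if requested != scope and not requested.startswith(scope + "/"):
        return False                                  # token is scoped to another entity
    rule = POLICIES.get(scope, {}).get(f["skn"])
    if rule is None or right not in rule[1]:
        return False                                  # no such rule on this entity, or right missing
    return hmac.compare_digest(base64.b64decode(f["sig"]), _sign(rule[0], scope, expiry))

if __name__ == "__main__":
    t1 = make_sas_token(Q1, "provider1-listen", "constructed-key-1")
    print("Provider 1 on Q1:", authorize(t1, Q1, "Listen"))
    print("Provider 1 on Q2:", authorize(t1, Q2, "Listen"))
```

Giving each provider only the Listen rule of its own queue also keeps them from sending into the topic or reading a sibling queue, which a topic-level or namespace-level rule would not prevent.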